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ABSTRACT 

Emerging  military  aerospace  system 
operational  goals,  such  as  autonomy,  will  require 
advanced  safety-critical  control  systems  consisting 
of  unconventional  requirements,  system 
architectures,  software  algorithms,  and  hardware 
implementations.  These  emerging  control  systems 
will  significantly  challenge  current  verification 
and  validation  (V&V)  processes,  tools,  and 
methods  for  flight  certification.  Ultimately, 
transition  of  advanced  control  systems  that  enable 
transformational  military  operations  will  be 
decided  by  affordable  V&V  strategies  that  reduce 
costs  and  compress  schedules  for  flight 
certification.  This  paper  describes  a 
comprehensive  plan  and  preliminary  results  for  a 
study  of  V&V  needs  for  emerging  safety-critical 
control  systems  in  the  context  of  military 
aerospace  vehicle  flight  certification. 

INTRODUCTION 

Flight-safety-critical  system  development 
begins  with  system-level  requirements  and  ends 
with  a  validated  implementation  in  hardware  and 
software,  as  illustrated  in  Figure  1.  Flight-safety- 
critical  system  software  is  any  software  that 
controls  or  monitors  hardware  whose  reliability, 
location,  or  performance  directly  impacts  the  areas 
of  probability  of  loss  of  control  (PLOC), 
survivability,  aircraft  performance,  and  crew 
safety.  Specific  types  of  testing  of  flight-critical 
software  are  oriented  to  the  verification  of  these 
four  high-level  requirements,  and  any  software 
errors  that  remain  are  not  flight  critical. 
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Figure  1  -  Classic  “V”  of  System  Development 


Safety  guidelines  address  all  aspects  of 
software-controlled  functions  including  hazard 
analysis  and  testing  to  ensure  stable,  predictable 
software  behavior.  Hazard  analyses  for  safety- 
critical  systems  identify  hazardous  functions  that 
are  used  to  evaluate  software  requirements  for 
adequacy  in  mitigating  any  safety  risks.  Hazard 
analysis  also  includes  analysis  of  software 
functional  descriptions,  including  software 
capability  catalogs  and  software  requirements 
specifications.  Software  causal  factors  are 
uncovered  in  the  hazard  analysis  and  are  modeled 
using  a  functional  logic  diagram  similar  to  a  fault 
tree  to  graphically  represent  logic  paths  resulting 
in  a  hazard.  These  results  are  then  used  to 
recommend  design  provisions  and  tests  to  validate 
hazard  controls.  Prescribed  safety  and  reliability  is 
a  significant  challenge  for  current  safety-critical 
software,  since  there  is  no  known  correlation 
between  test  coverage  and  hazard  coverage. 

Requirements,  design,  and  test  coverage  and 
their  quantification  all  significantly  impact  overall 
system  quality,  but  control  law  software  test 
coverage  is  especially  significant  to  development 
costs.  For  current  systems,  control  law,  software 
implementation,  and  test  comprise  over  60%  of 
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total  development  costs  (Figure  2).  This 
percentage  will  be  even  higher  using  current 
verification  and  validation  (V&V)  strategies  on 
emerging  autonomous  control  systems.  Although 
traditional  certification  practices  have  historically 
produced  sufficiently  safe  and  reliable  systems, 
they  will  not  be  cost  effective  for  next-generation 
autonomous  control  systems  due  to  inherent  size 
and  complexity  increases  from  added 
functionality. 
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Figure  2  -  System  Cost  Model 


Next-generation  unmanned  air  vehicles 
(UAVs)  and  unmanned  space  vehicles  will  require 
advanced  safety-critical  system  attributes  to  enable 
safe  autonomous  operations.  These  emerging 
attributes  will  manifest  themselves  in  all  aspects  of 
the  system  including  requirements,  system 
architectures,  software  algorithms,  and  hardware 
components.  Future  requirements  may  impose  a 
reliability  allocation  to  software,  may  be  driven  by 
payload  or  other  subsystems  in  lieu  of  pilot 
workload,  or  may  take  on  totally  different  forms  to 
accommodate  die  safety  of  functionality  that 
replaces  the  pilot  [1],  Advanced  system 
architectures  may  be  highly  redundant  and  may 
include  integration  of  functions  with  various  levels 
of  criticality  among  physically  distributed 
asynchronous  processors.  Software  algorithms 
may  be  adaptive,  learning,  optimal,  and  predictive 
to  provide  necessary  intelligence  for  on-line 
reconfiguration,  decision-making,  reasoning,  and 


cooperation  [2,3].  Future  hardware  may  consist  of 
a  family  of  malleable  processing  elements  to 
include  compute  cores,  caches,  memory  structures, 
data  paths,  network  interfaces,  network  fabrics 
with  incremental  instructions,  operating  system 
(OS),  and  network  protocols  that  have  the  ability 
to  reconfigure  to  match  changing  mission  and 
scenario  demands  [4,5,6],  These  emerging 
attributes  may  increase  the  size  and  complexity  of 
control  systems  beyond  the  capability  of  current 
V&V  practices  as  observed  in  projected  source 
lines  of  code  (SLOC)  in  unmanned  reconnaissance 
air  vehicles  (URAV)  and  unmanned  combat  air 
vehicles  (UCAV)  (Figure  3). 

I',’  ■ . ■ . — T . .  V 


Figure  3  -  Complexity  Growth  from  Autonomy 

Truly  autonomous  operations  will  require  air 
and  space  vehicle  safety-critical  control  system 
enhancements  to  achieve  required  safety  levels 
without  reliance  on  human  intervention.  Flight 
critical  systems  requirements  assert  that  die 
occurrence  of  any  failure  condition  that  would 
prevent  the  continued  safe  flight  and  landing  of  the 
airplane  shall  be  extremely  improbable.  This 
requirement  is  commonly  specified  in  terms  of 
PLOC  due  to  failure  being  less  than  10‘7  for 
military  aircraft  and  currently  verified  through 
semi-exhaustive  quantitative  and  qualitative  test 
methods. 

As  emerging  safety-critical  systems  become 
more  complex,  system  certification  costs  will 
increase  exponentially  due  to  a  projected  increase 
in  required  testing  resources,  such  as  hardware  in 
the  loop  (HIL)  testing  labor  (Figure  4). 
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Figure  4  -Testing  Hours  Are  Forecast  to  Triple 

Planned  test  automation  improvements  will 
certainly  reduce  testing  hours  but  may  not 
sufficiently  reduce  them  for  emerging  control 
system  requirements.  Rigorous  verification  of  the 
PLOC  requirement  may  not  be  cost  effective  in  the 
presence  of  these  system  enhancements. 

OBJECTIVES 

The  technical  scope  of  this  study  is  V&V  of 
emerging  safety-critical  control  systems  for  flight 
certification  of  military  air  and  space  vehicles  with 
emphasis  on  autonomous  vehicles.  The  proposed 
effort  will  focus  on  software  V&V  due  to  its 
significance  to  overall  costs.  However,  model  and 
system-level  V&V  will  be  considered  due  to  their 
inherent  tight  interconnections.  Consideration  of  a 
comprehensive  view  of  V&V  allows  development 
of  appropriate  software  V&V  strategies  that  are 
easily  transitioned  into  full  system-level  V&V  for 
flight  certification. 

Our  primary  goal  is  to  enable  affordable 
development  of  future  safety-critical  systems  with 
prescribed  levels  of  safety  and  reliability.  Our 
objective  is  to  study,  develop,  and  demonstrate 
effective  V&V  strategies  and  metrics  for  advanced 
safety-critical  control  system  flight  certification. 
Specific  technical  objectives  include: 

•Classify  emerging  safety-critical  control 

systems  by  their  inherent  fundamental 

characteristics  that  challenge  traditional 

certification  practices 

•Develop  and  demonstrate  preliminary  V&V 
strategies  that  focus  on  critical  schedule  and 
cost  points  within  flight  certification 


•Identify  critical,  high-payoff  V&V  process, 
tool,  and  method  technologies  for  further 
development. 

These  technical  objectives  address  relevant 
technical  challenges  that,  if  solved,  will  provide 
significant  benefits.  Specific  technical  challenge 
areas  include  prescribed  flight  safety  levels, 
coverage  and  its  quantification,  system  and 
software  complexity,  software  size,  scalability  of 
solutions,  failure  mode  coverage,  learning  and 
adaptive  algorithms,  and  affordable 
development/V  &V.  The  primary  benefit  of 
achieving  these  objectives  is  enabling  cost- 
effective,  rapid  development  of  safe  and  reliable 
autonomous  safety-critical  systems. 

APPROACH 

Our  approach  centers  on  exploiting  key 
interactions  between  V&V  and  flight  certification 
of  safety-critical  autonomous  control  systems. 
These  interactions  will  be  studied  in  the  five 
primary  tasks  described  in  the  following  sections. 
Emerging  Control  System  Study 

The  Emerging  Control  System  Study  includes 
tasks  that  address  critical  elements  of  system 
design  such  as  requirements,  architecture, 
algorithm,  and  implementation.  Our  requirements 
study  will  identify  current,  planned,  and  future 
capabilities  of  emerging  control  systems.  The 
architecture  study  will  identify  current,  planned, 
and  future  functional  and  physical  architectures 
that  accommodate  the  requirements.  In  the 
algorithm  study,  we  will  identify  algorithms  to 
populate  the  advanced  architectures.  The 
implementation  study  will  identify  software  code 
implementations  of  the  algorithms  and  hardware 
implementations  of  the  software  code.  The 
primary  product  from  this  task  is  a  study  report 
and  database  that  will  capture  relevant  aspects  of 
representative  emerging  safety-critical  control 
system  design  across  the  industry.  Subsequent 
Control  Characteristics  and  V&V  Needs  Study  and 
Innovative  Flight  Certification  Strategies 
Development  tasks  will  assess  and  compare  the 
data  from  this  task. 

Control  Characteristics  and  V&V  Needs  Study 
The  objective  of  the  Control  Characteristics 
and  V&V  Needs  Study  is  to  identify  critical  V&V 
process,  tool,  and  method  technology  needs  for 
guiding  the  development  of  innovative  flight 
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certification  strategies  that  significantly  reduce 
certification  costs  and  schedule.  This  task  consists 
of  an  emerging  control  system  characterization,  a 
flight  certification  process  review  and  deficiencies 
assessment,  and  a  needs  assessment  for  V&V  tools 
and  methods.  Our  approach  is  to  characterize  the 
database  of  emerging  safety-critical  control 
systems  according  to  structures,  features,  and 
attributes  that  have  significant  impact  to  flight- 
safety  certification  cost  and  schedule.  We  plan  to 
review  current  flight  certification  practices, 
including  design,  analysis,  test,  and  V&V,  to 
identify  process  challenges  and  deficiencies  for 
certification  of  emerging  autonomous  control 
systems.  We  also  plan  to  assess  V&V  tool  and 
method  needs  for  improving  flight  certification 
cost,  flight  certification  effort,  and  accuracy  of 
emerging  control  system  safety,  reliability,  and 
behavior.  Our  characteristics  review  and  needs 
assessment  approach  is  based  on  impact  to  flight 
certification  cost  and  schedule  and  feasibility  of 
correcting  critical  needs  that  relate  to  a  variety  of 
characteristics.  The  primary  product  of  this  task  is 
a  Control  Characteristics  and  V&V  Needs  Study 
report  that  will  guide  the  development  of 
innovative  flight  certification  strategies. 

Emerging  autonomous  control  systems  have 
certain  characteristics  and  attributes  that  challenge 
current  and  planned  V&V  processes,  tools,  and 
methods.  Challenging  algorithm  functional 
attributes  may  include  adaptation,  intelligence  or 
learning,  optimization,  prediction,  reasoning, 
decision-making,  and  cooperation.  Challenging 
system  architecture  structural  features  may  include 
function  integration  and  physical  distribution  that 
require  synchronization.  However,  these  system 
attributes  may  be  further  categorized  by 
fundamental  mathematical  properties  that  better 
characterize  V&V  challenges.  For  example,  non¬ 
determinism  of  intelligent  and  reasoning 
algorithms  is  what  truly  challenges  current  V&V 
practices. 

Our  needs  assessment  approach  leverages  an 
organizational  framework  that  links  control  system 
characteristics  directly  to  V&V  needs  through 
fundamental  mathematical  properties  (Figure  5). 
This  innovative  approach  enables  a  traceable, 
focused  identification  of  the  most  critical  flight 
certification  process,  tool,  and  method  deficiencies 
based  on  a  solid  mathematical  foundation. 


Application  and  algorithm  classes  will  be 
established  and  relevance/importance  of  properties 
will  be  identified  for  each  class  and  each 
development  phase.  This  study  will  map 
technologies/techniques  to  relevance  areas, 
identifying  high-payoff  (exploitation)  areas  and 
guiding  development  of  new  techniques  and 
technologies. 


■V-nrazn '  ‘ s rrz era  1^2 czz kt* *zs 
m.  nrs*  csss  £  &sm  mtm  mm  mm  m  mm  n  mm 
mm m&ins&sjirg®  sspssiaaw; ma  w«BsaaB»r  ja  ] 

9  zzmm  saw*  «a*  mm  mm  mm  mm  KiCi  wph 

S  -  sw  visa  mm  mm  er*  miib  mm  mm  \ 

■  safes  :m&  v,  maa  mm  mm  mm  mm  mm  wcm mm  l 

;  .7.’...  W  r  **  -m  mm  tmm  urm htm mm  I 


4  Z& 


Figure  5  —  Assessment  Framework 


Our  control  characterization  approach  is  to 
focus  on  requirements  and  algorithmic 
characteristics  while  considering  their  software 
implementation  within  hardware  system 
architectures.  We  will  utilize  the  database  of 
emerging  safety-critical  control  systems  to  identify 
critical  requirements  specification,  algorithm 
functional,  system  architectural,  and 
implementation  characteristics. 

We  will  first  identify  critical  challenging 
requirements  attributes  and  how  these  evolve  into 
functional  and  architectural  attributes  such  as 
adaptation,  intelligence,  decentralized,  and  others 
to  be  determined.  These  functional  attributes  will 
then  be  reviewed  to  identify  and  precisely  define 
critical  challenging  mathematical  properties  such 
as  non-determinism,  non-stationary,  and  others  to 
be  determined.  These  mathematical  properties  will 
be  the  basis  used  for  the  needs  assessment  of  flight 
certification  V&V  processes,  tools,  and  methods. 
We  will  also  identify  metrics  (e.g.  McCabe 
software  metrics  [7])  and  tests  for  determining 
existence  of  the  emerging  control  characteristics. 

There  are  well-established  flight  certification 
processes  that  have  evolved  over  time  to  provide 
highly  safe  and  reliable  flight  systems.  However, 
cost  effectiveness  of  these  processes  needs  to  be 
improved  for  next-generation  systems.  We  will 
review  the  current  flight  certification  processes 
considering  the  emerging  control  system 
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characteristics  and  based  on  an  innovative  process 
representation  that  allows  us  to  identify  criticality 
of  current  V&V  process  deficiencies.  A  primary 
product  of  this  task  is  a  representative  model  of 
flight  control  system  development  using  current 
practices,  processes,  methods,  and  tools. 

Our  approach,  notionally  depicted  in  Figure  6, 
is  based  on  determining  the  most  critical  cost  and 
schedule  impact  points  within  current  processes. 
This  approach  allows  quick  focus  on  the  most 
relevant  tools,  methods,  and  process  areas  that  will 
significantly  impact  cost  and  schedule.  We  will 
first  review  flight  certification,  software 
development,  and  V&V  process  flow  diagrams. 
Then  these  process  elements  will  be  mapped  to  a 
notional  schedule.  For  each  scheduled  activity, 
cost  estimates  will  be  established  based  on 
required  manpower  and  resources.  This  will 
provide  a  critical  path,  time-phased,  resource- 
loaded  representation  of  system  development  for 
evaluation.  We  will  then  assess  the  impact  of  the 
emerging  control  characteristics  on  current  state- 
of-the-art  system  development  using  the 
representative  development  model.  This  will 
assist  in  identification  of  critical  needs  that  have 


are  being  developed,  and  map  the  most  applicable 
tools  and  methods  to  the  activities  in  our 
representative  development  model.  We  will  assess 
a  comprehensive  set  of  V&V  processes,  tools,  and 
methods  from  our  team’s  database  and  the  existing 
literature  at  large  based  on  objective  metrics 
established  during  the  study.  Assessment  metrics 
may  include  flight  certification  cost,  flight 
certification  effort,  flight  certification  time, 
accuracy  of  advanced  system  behavior,  and  others 
determined  during  the  program.  The  assessment 
will  identify  deficiencies  and  needs  that  are 
traceable  to  the  specific  emerging  control  system 
within  our  structured  framework  (Figure  5).  This 
assessment  will  include  a  detailed  description  of 
how  and  why  current  V&V  techniques  are  not 
suitable  to  emerging  advanced  flight-safety-critical 
systems.  This  assessment  will  be  the  basis  for  the 
identification  of  V&V  needs. 


Flight  Certification  Strategies  Development 

The  objective  of  the  Innovative  Flight 
Certification  Strategies  Development  task  is  to 
develop  strategies  that  most  favorably  impact  cost 
reduction  and  schedule  compression  for  flight 
certification.  For  example,  system  development 


most  favorable  impact  on  emerging  control  system 
cost  and  schedule. 


Figure  6  -  Critical  Path  Process  Analysis 


schedules  may  be  significantly  compressed  by 
formalized  time  phasing  alone  in  which  testing  is 
started  earlier  in  the  development  cycle  (Figure  7). 
Additional  cost  and  schedule  reductions  are 
possible  by  reducing  V&V  testing  time  with 
improved  processes,  tools,  and  methods. 


Figure  7  -  Process  Improvements 


This  task  will  include  sub-tasks  that  address 
development  of  requirements,  refinement  of  flight 
certification  processes,  development  of  V&V 


Once  we  have  identified  deficiencies  in  current 
practices  applied  to  emerging  control  system 
characterisitics,  we  will  survey  technologies  that 


methods,  and  development  of  representative 
systems.  We  will  derive  requirements  needed  to 
improve  the  deficiencies  identified  in  the  design, 
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analysis,  test,  V&V,  and  implementation 
development  phases.  We  will  refine  current  flight 
certification  processes  and/or  create  innovative 
certification  strategies  that  address  these 

requirements.  Feasible  V&V  strategies  that 

improve  flight  safety  while  reducing  software 
development  and  life-cycle  costs  (LCC)  will  be 
developed.  We  will  also  develop  representative 
system  models  and  software  implementations  that 
capture  critical  attributes  and  characteristics  of 
advanced  safety-critical  systems  to  be  used  in  the 
evaluation  of  the  innovative  flight  certification 
strategies  and  V&V  methods.  The  primary 

products  of  this  task  are  requirements  for 
improved  flight  certification,  preliminary  flight 
certification  strategies  and  concepts,  and 

representative  safety-critical  systems  that  may  be 
used  to  evaluate  the  certification  strategies. 

Our  innovative  technical  approach  to  this  task 
centers  on  a  three-view  perspective  of  flight- 
critical  systems  (Figure  8).  All  three  orthogonal 
views  (functional,  object  /  entity  /  data,  and 
dynamic  /  control  /  behavior)  are  present  in  the 
system  simultaneously,  and  must  be 
comprehensively  verified  and  validated  for  flight 
certification.  Our  approach  will  focus  on 
developing  innovative  certification  strategies  that 
address  these  three  system  views  through  all 
system  development  phases. 

¥■ . : ■  ■  *  t - 


fAiwi  n 

AJ2-OWB1Q2B 

Figure  8  -Safety-Critical  System  Views 


Our  approach  is  to  investigate  V&V  process, 
tool,  method,  and  technology  that  impact  all 
phases  of  system  development.  Early 
development  phase  activities  focus  on  the  initial 
translation  of  requirements  into  concrete  design 
artifacts  such  as  model-based  design 
environments,  formal  specification  techniques  [8], 
and  advanced  V&V-aware  design  techniques 
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[9,10].  Mid-phase  development  activities  typically 
include  the  expression  of  a  design  into  executable 
software  and  preliminary  testing  and  verification 
such  as  control  analysis  [11,12],  software 
implementation  [13],  and  formal  V&V 
[14,15,16,17].  Late  development  phase  activities 
focus  on  test  and  review  for  certification  and  may 
be  impacted  by  improvements  to  automated  test 
[18]  and  process-based  certification. 

Proof  of  Concept 

Our  efficient  proof-of-concept  approach  will 
enable  a  focused  preliminary  feasibility 
assessment  of  the  most  promising  innovative  flight 
certification  strategies.  This  task  consists  of 
evaluation  metrics  definition,  trade  study 
comparison  of  concepts,  and  a  simple  component 
demonstration.  We  will  define  the  most  critical 
metrics  that  capture  efficiency  improvements  in 
V&V  of  safety-critical  systems  for  flight 
certification,  such  as  testing  hours  and  coverage. 
We  will  compare  strategies  against  these  metrics 
using  analysis  results  which  are  qualitatively 
entered  into  established  trade  tools.  The  most 
promising  strategies  will  be  demonstrated  within  a 
representative  flight  certification  V&V  cycle. 

We  will  define  critical  metrics  for  V&V 
methods  and  flight  certification  strategies  proof  of 
concept  evaluation.  The  metrics  will  consider  all 
aspects  of  development  including  design,  analysis, 
test,  V&V,  including  control  performance 
verification  and  end  software  production.  Baseline 
critical  metrics  to  be  considered  include 
feasibility,  flight  safety,  software  development 
cost,  LCC,  flight  certification  cost,  flight 
certification  effort,  and  accuracy  of  advanced 
system  behavior.  Other  potential  metrics  to  be 
considered  include  schedulability,  resource 
utilization,  quality  of  service,  test  coverage, 
reachability,  touch  labor  reduction,  product  size 
(SLOC),  design  cycle  time,  software  defect 
density,  reliability,  maintainability,  and  retrofit. 

Our  strategy  and  concept  comparison  will  start 
with  an  appropriate  mixture  of  theoretical, 
simulation,  and  experimental  analysis  to  cover  all 
aspects  of  evaluation.  The  concepts  will  be 
qualitatively  assessed  against  the  critical  metrics 
based  on  the  analysis  results  to  illustrate  the  initial 
safety-critical  application  feasibility  of  the 
concepts.  The  assessment  will  include 
accommodation  of  any  known  or  predicted  issues 
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concerning  the  methods  for  flight  certification  of 
emerging  flight  critical  software.  The  qualitative 
assessment  will  be  used  in  existing  trade  tools  for 
the  final  comparison  ranking.  The  ranking  results 
will  be  used  to  identify  the  most  promising 
concepts  for  demonstration. 

Although  focused  on  software  V&V,  our 
component  demonstration  will  be  based  on  a 
representation  of  the  actual  flight  certification 
cycle  to  capture  relevant  issues  within  the  ultimate 


Figure  9  -  Concept  Demonstration 


We  will  demonstrate  the  most  promising  V&V 
techniques  and  certification  strategies  within  the 
context  of  component  level/unit-test  of  the 
representative  future  safety-critical  systems.  This 
demonstration  will  show  applicability  toward  an 
ultimate  application  in  flight  certification  of  future 
intelligent  and  adaptive  control  systems.  This 
demonstration  will  be  developed  to  mimic  a  real 
safety-of-flight  (SOF)  board.  This  mock  SOF 
board  consisting  of  aircraft  program  personnel  will 
be  assembled  to  demonstrate  the  innovative  flight 
certification  strategies. 

Technology  Maturation  Planning 

For  the  technology  development  planning  and 
reporting  task,  our  objective  is  to  develop  a 
technology  investment  plan  based  on  a  prioritized 
list  of  preferred  innovative  V&V  technologies. 
The  prioritized  technology  list  will  be  developed 
using  the  proof-of-concept  evaluation  results. 

We  will  complete  technology  roadmaps  for 
promising  V&V  technologies  based  on  well- 
established  team  methodologies  and  fundamental 
principles  and  approaches  in  the  literature  [19]. 
Using  the  risk  waterfall  template  shown  in  Figure 
10,  we  will  complete  a  technology  maturation  plan 
for  each  of  the  emerging  technologies  identified 
during  the  program.  We  will  provide  detailed 
information  and  roadmaps  for  the  continued 
investment  and  development  of  innovative  V&V 


technologies  for  the  purpose  of  making  the 
technologies  ready  for  the  certification  of 
emerging  advanced  control  systems. 


Figure  10  -  Risk  Waterfall  Assessments 
STATUS 

The  study  schedule  is  illustrated  in  Figure  11. 
At  the  time  of  submission,  we  had  completed  the 
Emerging  Control  System  Study  task  and  begun 
the  Control  Characterization  and  V&V  Needs 
Study  task.  We  have  also  compressed  the 
schedule  to  complete  the  entire  program  by 
September  2004. 


Emerging  Control  System  Study 

The  main  products  from  the  Emerging  Control 
System  Study  task  are  a  database  of  control  system 
development  projects  and  detailed  documentation 
from  ten  representative  Emerging  Control  Systems 
identified  from  this  database.  We  have  made 
significant  progress  in  developing  these  products. 
We  have  defined  the  Emerging  Control  System 
data  collection  format  and  developed  a  Microsoft 
Access  tool  for  collecting  the  data  (Figure  12). 

Each  team  member  has  reviewed  their  past, 
current,  planned,  and  future  programs  and  input 
summary  data  into  the  database  tool.  We  have 
populated  the  database  with  data  from  more  than 
40  projects  and  programs.  We  have  begun  to 
study  and  analyze  the  summary  data  in  preparation 
for  a  down-select  to  a  subset  of  programs  that  will 
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define  the  representative  Emerging  Control 
Systems  that  will  be  carried  through  the  remainder 
of  the  study. 


Figure  12  -  Control  System  Database 


Each  database  project  has  been  scored  based  on 
an  assessment  of  primary  and  secondary  criteria. 
The  primary  criteria  are  advanced  or  emerging 
control  level  and  availability  of  detailed  data  for 
further  evaluation.  The  emerging  control  level  is  a 
qualitative  criterion  that  we  defined  that  captures 
whether  a  project  is  behind  (low),  within 
(medium),  or  beyond  (high)  the  current  state-of- 
the-art.  Secondary  evaluation  criteria  included 
diversity  among  control  domain  and  application 
area  to  widen  relevance  of  study  results.  In  the 
context  of  this  study,  control  domain  captures  the 
area  of  control  (i.e.  inner-loop,  guidance,  etc.)  and 
application  domain  captures  the  area  of  product 
type  for  which  the  control  is  applied  (e.g.  military 
aircraft,  military  spacecraft,  etc.).  From  this 
assessment  and  scoring,  the  projects  in  Table  1 
were  identified  as  our  preliminary  representative 
emerging  control  systems. 

Table  1  -  Emerging  Control  Systems  (ECS) 


ECS  PROJECT 

DESCRIPTION 

AIMSAFE  /  RESTORE 

Integrated 

Management,  Adaptive 
Control 

ICARUS 

Intelligent  Autonomy 

LOCAAS 

Autonomous  Control 

Enhanced  GNC 
Algorithms 

Dynamic  Programming 
Optimization 

XACT 

Adaptive  Failure 
Management 

Software  Enabled 
Control 

Optimal  Trajectory 
Generation 

EDCS  F-16  Autopilot 

Outer  Loop  Hybrid 
Control 

Engine  Control  Cutoff 
Mode 

Nonlinear  Hybrid 
Control 

Intelligent  Engine 
Control 

Intelligent  Failure 
Management 

Intelligent  Maintenance 
Advisor  for  Turbine 
Engines 

Model-based  Health 
Management 

Formation  Flying 
Spacecraft 

Multi-vehicle  Control 

Control  Characteristics  and  V&V  Needs  Study 

We  have  identified  a  preliminary  set  of 
emerging  control  characteristics  within  the  Control 
Characterization  and  V&V  Needs  Study  Task.  We 
have  also  constructed  a  preliminary  representative 
flight  control  system  development  plan.  This  plan 
was  developed  by  utilizing  existing  engineering 
processes  and  actual  product  program 

development  plans  from  industry  team  members. 
This  plan  represents  a  traditional  development 
process  with  qualitative  schedule  and  cost 

assessments  included.  Our  plan  is  to  assess  the 
impact  of  Emerging  Control  System 

characteristics  on  this  system  development  plan. 
The  control  characteristic  impacts  will  be 

prioritized  to  address  V&V  needs  based  on 
schedule  and  cost  criticality  within  this 
representative  development  plan. 

CONCLUSIONS 

We  have  developed  a  study  plan  to  identify 
V&V  technologies  that  significantly  reduce  costs 
and  compress  schedules  of  military  aerospace 
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vehicle  flight  certification.  Our  innovative 
approach  is  based  on  a  comprehensive  system 
development  and  operational  perspective  and 
sound  system  engineering  principles.  We  have 
compiled  a  database  from  which  the  industry  at 
large  may  draw  upon  and  identified  a  preliminary 
set  of  representative  emerging  control  systems 
which  will  be  utilized  for  preliminary  V&V 
technology  development  and  technology 
maturation  planning. 
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